Glossary
Simple definitions and explanations of Kubernetes components, concepts, and security terms
Admission Controller
A plugin that intercepts API server requests to validate or mutate resources before they are persisted
API Server
The central management component that exposes the Kubernetes API
ClusterRole
A cluster-scoped RBAC object that defines permissions across all namespaces or for non-namespaced resources
ClusterRoleBinding
A cluster-scoped RBAC object that grants the permissions defined in a ClusterRole across the entire cluster
ConfigMap
A Kubernetes object used to store non-sensitive configuration data as key-value pairs
Container
A lightweight, standalone executable unit that packages an application and its dependencies
Container Escape
A security vulnerability where an attacker breaks out of a container to access the host system
CronJob
A Kubernetes controller that creates Jobs on a recurring schedule defined using cron syntax
CustomResourceDefinition
A way to extend Kubernetes by defining your own resource types
DaemonSet
Ensures a copy of a Pod runs on all or selected nodes in the cluster
Deployment
A controller that manages the desired state of Pods and ReplicaSets
etcd
The distributed key-value store that holds all Kubernetes cluster state
Helm
A package manager for Kubernetes that bundles resources into reusable, versioned charts
Ingress
Manages external HTTP/HTTPS access to services in the cluster
Job
A Kubernetes controller that runs one or more Pods to successful completion
kube-proxy
A network proxy that runs on each node and maintains network rules for Services
Kubelet
The agent running on each node that manages Pods and containers
Label and Selector
Key-value pairs attached to Kubernetes objects and the queries used to filter them
Namespace
A virtual cluster within Kubernetes used to isolate and organize resources
NetworkPolicy
A Kubernetes resource that controls traffic flow between Pods and namespaces
Node
A worker machine in Kubernetes that runs Pods and is managed by the control plane
Operator
A pattern for extending Kubernetes with custom controllers that automate the management of complex applications
PersistentVolume
A piece of storage in the cluster that has been provisioned for use by Pods independently of their lifecycle
Pod
The smallest deployable unit in Kubernetes that can be created and managed
RBAC (Role-Based Access Control)
A method of regulating access to computer or network resources based on the roles of individual users
ReplicaSet
A Kubernetes controller that ensures a specified number of Pod replicas are running at all times
Role
A namespace-scoped RBAC object that defines a set of permissions for resources within a single namespace
RoleBinding
A namespace-scoped RBAC object that grants the permissions defined in a Role to users, groups, or service accounts
Secret
A Kubernetes object used to store sensitive data such as passwords, tokens, and keys
Service
An abstraction that exposes a set of Pods as a network service
ServiceAccount
An identity for processes running inside Pods to authenticate with the API server
StatefulSet
A Kubernetes workload controller for managing stateful applications that require stable identities and persistent storage
Taint and Toleration
A mechanism to control which Pods can be scheduled onto specific nodes
Volume
A directory accessible to containers in a Pod, used to share data or persist state beyond a container's lifetime